Analysis
-
max time kernel
2099s -
max time network
2054s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
20-09-2024 09:55
General
-
Target
njRAT
-
Size
260KB
-
MD5
146a54683a735724a153d5f54f8180b3
-
SHA1
1a1c8190fd5b25eb32dc2acd32d640d6125b4162
-
SHA256
74f3b27c2f67c0eaf08b473144c580ed05e6488401092fd6cb129a8bd661de7d
-
SHA512
8df46b44c11038af702e077113a6488e1409c079b5a2a3f3fb8fe2f3b2f87b6c6e2a300b14bcb6049816acc6c87d27ae4c0b28cca86710fced45d03065530d15
-
SSDEEP
6144:DgVk4c3uokeOvHS1d1+CNs8wbiWQF9MvZJT3CqbMrhryf65NRPaCieMjAkvCJv1T:8k4c3uokeOvHS1d1+CNs8wbiWQF9MvZ4
Malware Config
Extracted
njrat
<- NjRAT 0.7d Horror Edition ->
Victim
1.0.0.721:6522
99f38bbe0af13fde32226e71d4a6ac11
-
reg_key
99f38bbe0af13fde32226e71d4a6ac11
-
splitter
Y262SUCZ4UJJ
Signatures
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Downloads MZ/PE file
-
Executes dropped EXE 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 31 IoCs
-
NTFS ADS 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: LoadsDriver 14 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 18 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\njRAT1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe555b3cb8,0x7ffe555b3cc8,0x7ffe555b3cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1820 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1796 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3244 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3536 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5464 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1836 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2608 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5912 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6564 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5100 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7072 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6664675799019341476,12824017487876956400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\njRAT-All-Versions-master\njRAT-All-Versions-master\CobianRAT v1.0.40.7\CobianRAT v1.0.40.7.exe"C:\Users\Admin\Downloads\njRAT-All-Versions-master\njRAT-All-Versions-master\CobianRAT v1.0.40.7\CobianRAT v1.0.40.7.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\njRAT-All-Versions-master\njRAT-All-Versions-master\GHAWY HACKER EGYPT NjRat 0.7D v.2\GHAWY HACKER EGYPT NjRat 0.7D v.2.exe"C:\Users\Admin\Downloads\njRAT-All-Versions-master\njRAT-All-Versions-master\GHAWY HACKER EGYPT NjRat 0.7D v.2\GHAWY HACKER EGYPT NjRat 0.7D v.2.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004D01⤵
-
C:\Users\Admin\Downloads\njRAT-All-Versions-master\njRAT-All-Versions-master\njRAT 0.7d Horror Edition\NjRat 0.7D Horror Edition.exe"C:\Users\Admin\Downloads\njRAT-All-Versions-master\njRAT-All-Versions-master\njRAT 0.7d Horror Edition\NjRat 0.7D Horror Edition.exe"1⤵
- Modifies registry class
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /alignment=512 /QUIET "C:\Users\Admin\AppData\Local\Temp\stub.il" /output:"C:\Users\Admin\Downloads\njRAT-All-Versions-master\njRAT-All-Versions-master\njRAT 0.7d Horror Edition\Payload.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ipjetable.com/register.php2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe555b3cb8,0x7ffe555b3cc8,0x7ffe555b3cd83⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Documents\vpnconnector\connection.bat" "2⤵
-
C:\Windows\system32\rasdial.exerasdial "VPN" username password /phonebook:"C:\Users\Admin\Documents\vpnconnector\connection.pbk"3⤵
-
-
-
C:\Users\Admin\Downloads\njRAT-All-Versions-master\njRAT-All-Versions-master\njRAT 0.7d Horror Edition\Payload.exe"C:\Users\Admin\Downloads\njRAT-All-Versions-master\njRAT-All-Versions-master\njRAT 0.7d Horror Edition\Payload.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\Downloads\njRAT-All-Versions-master\njRAT-All-Versions-master\njRAT 0.7d Horror Edition\Payload.exe"C:\Users\Admin\Downloads\njRAT-All-Versions-master\njRAT-All-Versions-master\njRAT 0.7d Horror Edition\Payload.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD59828ffacf3deee7f4c1300366ec22fab
SHA19aff54b57502b0fc2be1b0b4b3380256fb785602
SHA256a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7
SHA5122e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d
-
Filesize
152B
MD56fdbe80e9fe20761b59e8f32398f4b14
SHA1049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f
SHA256b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942
SHA512cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234
-
Filesize
4KB
MD5898470d9fc22ab3defd65b1f5eedfa90
SHA12d8be9fa71d6b57346cd4ee25dd87c45ec73b25f
SHA256066555ab9da2473d99be424bad1afc1fc2c8d9d61484ea06f0ee5eb9d3f55672
SHA51236bec55464d13575286ce2f5aecd0541ac41005bd57d9e928763f3f394449e15954f5277105e51057761ee33861f821691932f6391711310a6d0e124815b3547
-
Filesize
4KB
MD56364b1c21c29f787db7756e167066eb0
SHA1a261b74acffc4aaae8866e21e5f3a07b3c171d36
SHA256d6b47ec4fd50c322d83839c9b2c7c6e4cf1c46943923fdbe77951bf95b989e19
SHA512b5ad3eb96d2a375aa01fdfbc0bc0cced1a1496c6dce9f388957af4527da875a93b59b74d1d81f7e4ffd05ccb97bef81076798e289bb29bd91cac3abbc8b64600
-
Filesize
1KB
MD565231434bf14f7f955baabde7989258d
SHA1f17728df3229c0b5d7d622ef28aadf3806a4520e
SHA2564d4cf49d06d85525a2109089906df6156f6acda9a6668a81d9ed517b801b3e34
SHA512de3678ba9eb8c3f135213df4dcdd75ca05c9cee969676315eed07481fa5a997792490730e06fb129bbbc3b27b5577d8bcca51fde7ad27688d7f6fc574f4e1fd2
-
Filesize
1KB
MD5dbf784dab58ad126573f6aa25145fdb8
SHA1d7f531dc490629ab9c740eccffd2ac175ea4e590
SHA2568ff276c9472d923e1fc706889bff893fbf9499508f7faac2063eccc58b20c069
SHA5123e3dbbeb663997fb5d0139c3e7c2b90b40af20ec868281fcd0568b269e8622c596abede691572cc11001f87e65fe682514f82df928dd23f03fef80dd4765431a
-
Filesize
1KB
MD5cac7838ee7b4f6ac8c0773ed69251890
SHA1d6ed980a85c20a4749a1eb3d9918cc5760aa4df5
SHA256d78cde2555fa986e2016110827a874b4aa2e28fe3af93476a43f57f639b2f83a
SHA51239d658493c2cd74f62337ab5fc9cbf5affac664d61d8ad5c2d8f63cdf4df330c7d381d23adc17737dc81c7a844bf2aa548d21827733acfe614549c75b71148da
-
Filesize
5KB
MD508cfd96a1954d73c9b7b82368f3dfa31
SHA17e1ccae7e47d9eb809518367ec937dbaafdd5491
SHA2562d4ddc57f1536988517e1a1d9e0a1d1a4cc173e672fa863e84710bd5ec2fd911
SHA512e98c6f9de40061a65e19b4409c98f646c6d507d95b82256fe0c234cdff7916c51182bb3fd3b9c1079cfa739eb7943c665584dfafda47919783a688b1c8bb9583
-
Filesize
6KB
MD5bb86d20a1f1299d77c09fa7f536ef8af
SHA1eabb9ef197122d1d53426f8cf3ca8b87f0f04b7e
SHA256a71c794e203cde4e3139dc75f180300819cd3cc992abf010ea5d789b0d16c913
SHA512b130404577440053ed2c11d7d6e4d8f4ecdaa8e545eb877515d4063deee4540423178a20a4d716e98607dd678cc6d25f90a763d2c8d9ebcc72916ab38901a1c1
-
Filesize
6KB
MD5cb2f7cd5abce3dd846325eafabd40284
SHA14cc6c1e9fd0f69cbbee0343537823e2606db0a2b
SHA2569fcf8e1f7926cd500b3c795b003bd87b3c58e78d386273250abcd05e216604e5
SHA5126f2a33841c21b4dd7613cfcc3e658d3cf292ba3fa23ca143a0f772a6e08b397da747a1ee0af9d124b304b1fa53a46ab15b8288a76d1db9d3cb2a33f6f5de6036
-
Filesize
6KB
MD52382686673d0b5bb34aa9cd1ca253034
SHA1ca092af037416609d35359bb0a4bd2e2e2743317
SHA2565febdff092d29a59fe4e18b5b910f5eb01cddfbd8c044ddaf4f7d5938c3f0de0
SHA512061040f54d36f3535a9c9c8fae5cfc0dad608b37e6622644debea06f5fca68d013a01d12f185caa94d492c93edb93b47d80fd18e16b82b5f8bc8132d8cce30a7
-
Filesize
6KB
MD500829019ba76dc8d05348ae3996c1e31
SHA1bce8394f560697bece07fc337165b60b6dea93a3
SHA256930fc1d3fe2cc8d59c4a3deed4c6c38b10d45344c7700d64bb122ab793ef1a07
SHA512ce0202fae58cc7ea4b25042c4c0f5bf1cd5aeb3f4fea1e7b8457cc68688d73839d05c3d9a6e03da112665fc27fa20cec55e1eeae9727170bd37f35c19af7fec8
-
Filesize
1KB
MD55c5848cfdbf017479c680f5dab7a04ac
SHA16c6c6035460424fb457ded9d20155d3ceb8118e6
SHA256a04f4186cdcd4ad2c4acd8238808fcb105de4cbf5e68a9f9afce6a622e586efd
SHA5122175129ce02102ebf210dab23c32df1e172540629fdd42376f4edea4afe10b78b4cfc5a94c2955c35ca047b8f5af4a8e61cadb139172978dc3fd2a80b1b4d3d1
-
Filesize
1KB
MD55da879b656000c4705feef793a61481a
SHA14fea6d006f2589e6ef9bfc1c5f7d7c1423cb9a34
SHA2563cc3274c630919e875ab3f240d0c7619786b64697446421967d6f4ef5d2021af
SHA512a802e28b70115d410fb4a52c1855c34aeac6961367280bed9bbdcd673fda699f09e3328664d865487285510a97041bf478a8a92834785b5e00fee2518f468625
-
Filesize
1KB
MD50f1d6df8049f388c5c311fdd32266014
SHA1188b3b4fa6555b8d02ff97fb414880fbb5e97013
SHA2567b8abd5f5a5d4d3b072de92c6ac2dacdfab42c7da2d3a607adbdb3fe7476458f
SHA5122f047a2864978010c9d26e2787da59220b3780ea95d68b4d27fc3e80d1dfaec0daff84b62cc0fd7802e41ea35eb8824345e39acd79112448bd44e0b82a91004f
-
Filesize
1KB
MD5ea848e303efc936191be556ce1bc23e3
SHA11145cd8c1ca14209b6dc0fc6302d674a47921b51
SHA2562616f50b0ccedc05389a67fdd951477e51cbcb6db7daeaddec80dc2aa1b008e0
SHA51263a43d7f901e43e33329060c49c4a56bc8fc02140f331fea6e42d9ebb577f05edcff976f6d6bd5946fc52a5a25ff6402d8a9f800efbcc6a347c846a5a2c3f20e
-
Filesize
1KB
MD5bac1870fb43efbb1338bf77ccd5affc1
SHA1ba29e1a3e4c30a93df9a21f1081fed55a2436254
SHA2561bba41d2eb29858bad96eec4764f855e4aee4cf39c9400096d47aced480389b4
SHA512721fe76dd0839f456a25ebf79f016ff6506580045af0347ee0676ee469d87a00ef9dcc79649d0f1e62158506d17b084dcce5e16c6112ae916a10fe0677e8405e
-
Filesize
1KB
MD5d79a291f004ca647b6ef7fc1b7aec282
SHA19974f0a89a9feb3881f4d5063536cc561d6ade19
SHA2569ce611ed3af364fa799b815072eabdca1726bf53b9e81b7ebd3f83b8030cac2c
SHA512e01367fa1e4b3c86114d02766f7c929c8cfc306fbe432c78d25f191ad8e5c7ab9f822cc2d3dbfa993d3e1d904927530679627077851931ce6f9dcc26983cf13a
-
Filesize
1KB
MD53f6700eacfb52f9f1ce1e02e00a444cc
SHA110e91e44c255cc4684b84bf5639acd030c69d294
SHA256c2ad0335dc0037746a50edd18cd0e5a8f891af736e01ac7c899a23576104eb27
SHA5126e5db44b8349a779d0de39b7d4196b126655371aa660a9469742633d8f70a8640e32bcb0304a4dcbebd80ae44cfbc1040e1d0065a7c267a130774bba94cf191b
-
Filesize
1KB
MD5d12a51fb66b50efb56e5669b1b28336b
SHA1da8b3390626596053e96386a6678620af7ae5f56
SHA25620c91704184091e0abfe51afe0ba04b44e26ef20d499e76a4a9b10513573a14f
SHA51297b99891b448644cbea67dfa4e5e34b3a633e8bfff76820c57e91166191124878025137760f4057ca8497bf5e515b6a223ee77b10066ff86fcf251dada52cf94
-
Filesize
1KB
MD5446c20ca03892b0de1cba37da6424914
SHA1f6a0415bb91db989df84ea98cc48ca4f8f963d0d
SHA256ed6b3b7e0ca48e5486883a704f816320653154b44e5e5106502726a09da8a6d6
SHA51263b86f28e483d2ee9b5aeb8394a0c43d06079b26c1c8a2eaf462175ea46aa65dfc35959e79bd54a8c57d15d120157c0c68cb5f49824e40885e116e43b1033720
-
Filesize
1KB
MD596bc2f455fd8acbfb541d9e3d4a66f91
SHA16f2c57aa194b4f17263d6e534b47fadc3db5035d
SHA256a08e766e554ee6452c11a10b29a225fedb7087a67f302e87b73f5397fc2b5a00
SHA51212229999949b3df07f91ec67c151539574416dc9cf3b6491795e4571ec807d623a54936cdf60ce5ed33238d2b638d7224e95faf6df56c52b41eea639b2cb1482
-
Filesize
1KB
MD5c7901855d0ecce4e1c552fd64d08f3bc
SHA1cc246aa5ce42a15b0efd34dc127126b50958d9bf
SHA256c6dc939a84afa88ba5afae73d3497fd5e8856cbefad50d57cc95e05321bc50b7
SHA512bd73e8f38bfa051a19305ed022b8a0e053934304ae87a020e92ba56cc3ca2aaff6816288d975fa5b425d5d9e7cdf0c740bae0a454ab7a93381d3aec4b59c781e
-
Filesize
1KB
MD5adbca118e1bb3c70c36476683d9434b8
SHA1d005f730525555ae86ed198ba260d9ca71703247
SHA256a409e297537699ed4b53fd25fb1dde5c250036d91b7359ae4bb5e7f3620d3ac7
SHA512fd082387cb3f5efea173dea6e715a01db6ec1e1a4d11cef1f0472e517e2c514316a30f99af3abd5bc023f7922585035d8ba35362ef9a3f7e2baa5d2e45823a93
-
Filesize
1KB
MD5e2ae86ba5d5928747228ab587536f6a0
SHA1182976417543bf0646714ae1cf2a2c5e83fda581
SHA25656ed5dfc3d79dea163dae64b6a0f38a37e13c5804c1b058f1cde491d37a0d22b
SHA512791b10006f294c821d5375af3893de2c091597f1e1f2e088f4d0d3e457d6c129ea38c8c31a4503e309dd695b24099b8b8bc7adcac351fad3448708366dfcf926
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5dcfb25da55a642741ac3ebea7c98c342
SHA18b823d58f4dcf1c898018ee00d2216b76af69ee8
SHA256be8cc77e4a49a37a626553657b45582e362627f7597a823c327c5cafad405b5f
SHA5122092076eaf5f0f1f1c604725feae8b736ede390a6e3ed3193e419de5f64b0f8f0ce79405745eca65f3304e4b8462458ac9ea47b3ddc08c7a628f6aae7a672f6d
-
Filesize
11KB
MD5be56678f62b438e54a6ee1ef6ab5db5b
SHA1eb7556a92566b3346072d6b54c77ea204478d234
SHA25661d3fbae3cfc8df04664455d02be24b499babd76adbcadc22180ae159c4d44d4
SHA512dcb7476c41c1d521c073aa4ba37ca9a224b2c1b7bacbe43523715f9d7e9f439cfd0f97e82aed73692142cb0a526f2180ce376408e87be99fb8062affc35ec622
-
Filesize
11KB
MD51fbfec3ec00990be6641eca31c3af9f5
SHA105683ee3b005b3c343971a073e04ff0aa7a4991e
SHA25614d5b6c2537b5eb942083f3e15a77395a87cc87e4c82a324a2d790661a7e673d
SHA512f0f1689909ce1ee1005a50974e695fd185fe4b7da8a8f2a61b45a6521d0dd076cde0047ad6082a7f6cbab936e3db39be3e16ca233c62b156ae5c474f126d5cb6
-
Filesize
566KB
MD5b2fb0ec95a3b716f04ba96f7b0d8448b
SHA18d5dd297744c7cc4b3f6fa36d9783975fc575f3e
SHA25617ad71e5f9cbaadb96d1dce4a3c53b34c5db0a087b31a524a9a6a8cff196caae
SHA512272806a231a064812811d800a53ae403560528c226436a6279c6b067d94213c1d2d5e3f41b3191b9d5fed6442df8d6e41b378266cffa51d296b2f833dcd14fa5
-
Filesize
97B
MD578dce6eddc7a0b1d76bd52837763e22b
SHA1eb762d3cb7be704d0245d9d1ccd77ea39b6d0d53
SHA2569288dfb25331de03c8344a249e1f76588e72dd47fe5c1b7e5e1a21e2b81c74d8
SHA5120d658e3235f30318fc0d7c6e949e5ea24f9b99605765926235e5ab05ea7eda7105766f21aed4aba5e5012c2d6048ee77b952a4b31340785c91254adaaef093f5
-
Filesize
106B
MD5b901773b9690497f55fd4302378f0f38
SHA149d85fe810f80e3b2e73e2744914e5bc40c3ccc8
SHA256c863ad75c534d18f97ed51bbe0dd5e5ad234289c305efcb92efef5aeb04740f2
SHA512b1a57db5eb4ccc381f72f581b885894ce10f424a69fb1ff91c64758decc57add277d1637f68913a9822326ab6d56148b3ec9ef9bb8fd6b348883335b118db603
-
Filesize
982KB
MD50e89a13c623f26af0482d2b8d51d8b02
SHA18bdef3070fbc759edfd43c7847a676e91be12c5a
SHA2561f2c145fc77049b9437c9aedfd8332be167246bc270d98c22deca902fc967563
SHA512d7fabfcea46081fb24ae5a06c75b097c7e451848a20d96b77dcf900863a561b4b8724120276bbdaebd6827cb88b8cfbb397c96107c9a328245f8a07bfb6f70ea
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
53KB
MD5c72428ee01fe76c6129791fe31b50ead
SHA15799405b260085e2e30f9eabface3d70b42d89be
SHA256383314c3642086c3f5a3e36ce745975dea9a3e6ecb45d61a1db192bbf1a02f50
SHA51218c854a8c0a09ec44652062824b382c7502075c9a49b06ef1159d0f36fb3812f7ce8bd89bfbf70df3ae51716bea8ed32f4fc4c333f5d6fffe3d3dff41acf8ed1
-
Filesize
72KB
-
Filesize
1.0MB
-
Filesize
304KB
-
Filesize
32KB
-
Filesize
624KB
-
Filesize
4.8MB
-
Filesize
664KB